Passive Operating System Fingerprinting Analysis Using Artificial Intelligence Techniques

Abstract

Modern enterprise networks are complex and present countless security challenges. Understanding the nature of the systems that exist within a network environment is a vital step in securing such environments. Therefore, operating systems on the network must be identified, tracked, and continuously monitored. In this research, we consider the problem of detecting unauthorized operating systems on an enterprise network, which could exist because of the unintentional actions of an authorized user or the unauthorized actions of internal users or external attackers. We intend to utilize an artificial neural network-based classifier [ANN], which will be developed using the PyTorch and fastai deep learning libraries. Simulated network traffic has been generated through the implementation of two separate virtual network environments, and the generated traffic was passively collected and analyzed prior to traversing the network boundary. The performance evaluation of the neural network classifier will be analyzed using the collected data in this research.